A range finding apparatus uses a light-receiving device in which a first pixel having a first sensitivity and a second pixel having a second sensitivity that is lower than the first sensitivity are two-dimensionally arranged. The range finding apparatus measures time periods from a predetermined time until times when light is incident on each of the first pixel and the second pixel, and computes distance information for the first pixel and the second pixel based on the measured time periods. The measurement resolution used to measure the time period for the second pixel is lower than a measurement resolution used to measure the time period for the first pixel.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/46 - Multiprogramming arrangements
A system includes one or more processors configured to collect data at multiple levels from a target environment via one or more cyber vulnerability (CV) data collection modules, the multiple levels comprising a network level, a platform level, and a binary level. The one or more processors are further configured to analyze the collected data, via a correlation engine, to identify relationships between entities in the collected data across the multiple levels, and to derive one or more blocks representative of the entities. The one or more processors are additionally configured to create one or more links between the one or more blocks based on the identified relationships, and to construct, via a model generator, a CV attack surface model comprising the one or more blocks connected via the one or more links.
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
training services in the fields of cybersecurity, computer security, network security, and data security; cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
training services in the fields of cybersecurity, computer security, network security, and data security; cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
training services in the fields of cybersecurity, computer security, network security, and data security; cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic data analysis for purposes of identifying and protecting against security threats; Computer network security hardware; Downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic data analysis for purposes of identifying and protecting against security threats; Intelligence, counterintelligence, and data analysis computer hardware; Downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic data analysis and data engineering, and for conducting static and dynamic data analysis for purposes of identifying and protecting against security threats; Downloadable and recorded computer software for use in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and for running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; Computer hardware for use providing users with information concerning conditions and threats so that the users can better protect their computer networks and systems; Downloadable and recorded computer software for data analysis that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their computer networks and systems; Computer hardware featuring machine learning, artificial intelligence and analytics to provide business solutions and services; Downloadable and recorded computer business solutions and services software for data analysis using machine learning, artificial intelligence and analytics for purposes of providing classified intelligence mission outcomes and business intelligence; Computer hardware featuring offensive cybersecurity capabilities; Downloadable and recorded computer software, namely, software for conducting static and dynamic data analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities; Training services in the fields of cybersecurity, computer security, network security, and data security; Cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; Cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems based on assigned credentials; Cybersecurity services, namely, restricting unauthorized access to computer networks; Cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; Computer security consultancy; Internet security consultancy; Data security consultancy; Computer network security consulting services; Providing consulting services relating to cybersecurity to enable others to achieve their security goals and protect their computer networks and systems being technology consultation in the field of cybersecurity; Providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; Computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; Providing computer security consultancy services relating to offensive cybersecurity mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats;
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable and recorded computer software and firmware for the protection of third party computer systems to ensure secure launch and runtime integrity, for cybersecurity, for defending against cyber-attacks, for authenticating computers, for protecting confidentiality of data on computer systems, for preventing unauthorized access to computer systems, and for assessing the security and integrity of computer systems
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Training services in the fields of cybersecurity, computer security, network security, and data security; Cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; computer security consultancy, namely, providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
Training services in the fields of cybersecurity, computer security, network security, and data security; Cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
Training services in the fields of cybersecurity, computer security, network security, and data security; Cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
Training services in the fields of cybersecurity, computer security, network security, and data security; Cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
A system for aggregating program analysis tools displays a list of program analysis tool modules on a first computer user interface, and receives from a user a selection of a first program analysis tool. The system then renders a second computer user interface for the first program analysis tool, and receives input from the user identifying an action to be performed in a reverse engineering framework. The system then transmits.
09 - Scientific and electric apparatus and instruments
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer hardware in the field of cybersecurity and computer security; downloadable and recorded computer software in the field of cybersecurity and computer security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; computer network security hardware; downloadable and recorded computer software in the field of network security, namely, software for conducting static and dynamic analysis for purposes of identifying and protecting against security threats; intelligence, counterintelligence, and data analysis computer hardware; downloadable and recorded computer software in the fields of intelligence, counterintelligence, and data analysis, namely, software for conducting static and dynamic analysis, data analysis and data engineering, and running mission-specific algorithms for purposes of identifying and protecting against security and classified intelligence-related threats; computer hardware providing users with information concerning conditions and threats so that the users can better protect their networks and systems; downloadable and recorded computer software that provides users with near- and real-time information concerning cybersecurity and classified intelligence-related conditions and threats so that the users can better protect their networks and systems; computer hardware using machine learning, artificial intelligence and/or analytics to provide business solutions and services; downloadable and recorded computer business solutions and services software using machine learning, artificial intelligence and/or analytics for purposes of providing classified intelligence mission outcomes and business intelligence; computer hardware for offensive cybersecurity capabilities; downloadable and recorded computer software, namely, software for conducting static and dynamic analysis, reverse engineering and vulnerability research for purposes of offensive cybersecurity capabilities 
Training services in the fields of cybersecurity, computer security, network security, and data security; Cybersecurity services, namely, maintenance and updating of computer software relating to computer security and prevention of computer risks; cybersecurity services, namely, enforcing, restricting, and controlling access privileges of users of computer and network systems; cybersecurity services, namely, restricting access to and by computer networks; cybersecurity consulting, namely, scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy; internet security consultancy; data security consultancy; computer network security consulting services; providing consulting services relating to cybersecurity and to enable others to achieve their security goals and protect their computer networks and systems; providing computer security consulting services relating to intelligence, counterintelligence, and data analysis; computer security consulting services in the fields of artificial intelligence, machine learning, and analytics; providing computer security consultancy services relating to offensive cybersecurity
A system includes a magnetic device and an emplacement tool. The emplacement tool includes at least one magnetic rotating member rotatable about a first axis and configured to adhere to a ferrous surface. The emplacement tool also includes a friction fit head configured to hold the magnetic device between internal surfaces of the friction fit head on opposing sides. The emplacement tool further includes a coupler connected to the at least one magnetic rotating member. The coupler is configured to attach to the friction fit head such that the friction fit head extends along a second axis different than the first axis.
A cyber event response playbook generation system including a data interface arranged to: i) receive, from a cyber security event and response database, a plurality of types of cyber security events and corresponding cyber security event response actions associated with each of the types of cyber security events and ii) receive, from at least one cyber security event monitor, first cyber security event data. A cyber event response playbook generator is arranged to: i) receive the plurality of types of cyber security events and corresponding cyber security event response actions from the data interface, ii) receive the first cyber security event data from the data interface, and iii) automatically generate a first cyber event response playbook including one or more response actions based on the received plurality of types of cyber security events and corresponding response actions and the first cyber security event data.
A malware neutralization system for a computer network includes an intrusion detection system (IDS) in data communications with the computer network. The IDS is arranged to: i) detect malware communications between a malware command and control (C2) server and a malware client on a computer connected to the computer network and ii) send a malware alert to a malware response server. The malware response server is in communications with the computer network and arranged to: i) receive the first malware alert, ii) determine the type of malware threat based on the first malware alert, iii) intercept one or more malware messages from the malware client that are directed to the malware C2 server, iv) instantiate an appropriate malware response module, and v) use the loaded response module to send one or more malware response messages to the malware client to disrupt an operation of the malware client.
A method, comprising: detecting a first cyber event; instantiating a report, the report including an identifier corresponding to the first cyber event; generating a signature for a system log and classifying the signature for the system log with a first neural network; and adding the system log to the report based on an outcome of the classification of the signature for the system log, wherein the system log is added to the report only when the signature for the system log is classified into a predetermined category.
A device and method for context-aware, intelligent beaconing in a mission include: determining a current location of a beacon device; obtaining context information from one or more of a plurality of sensors, a database, a server, the beacon device, and external devices, wherein the context information includes behavior of the beacon device, and mission objectives; dynamically fusing the context information together to produce fused context information; dynamically setting a frequency for transmission of a beacon, based on the fused context information; and transmitting the beacon at the set frequency.
G01S 1/02 - Beacons or beacon systems transmitting signals having a characteristic or characteristics capable of being detected by non-directional receivers and defining directions, positions, or position lines fixed relatively to the beacon transmitters; Receivers co-operating therewith using radio waves
G01S 1/04 - Beacons or beacon systems transmitting signals having a characteristic or characteristics capable of being detected by non-directional receivers and defining directions, positions, or position lines fixed relatively to the beacon transmitters; Receivers co-operating therewith using radio waves; Details
H04W 4/029 - Location-based management or tracking services
19.
Annotated deterministic trace abstraction for advanced dynamic program analysis
A virtual machine that includes a plurality of processes executes on a computer processor. A record-replay file, trace annotations, and an application program interface request are received into the computer processor. The trace annotations and application program interface request are translated into record-replay commands. The record-replay commands capture data from the record-replay file, and the captured data can be accessed via a programmatic interface.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 16/14 - Details of searching files based on file metadata
20.
Systems and methods for evasive resiliency countermeasures
Evasive resiliency countermeasures techniques that include: implementing a cyber asset in a network element of a plurality of network elements; monitoring operations of the network; detecting an adverse event within the network; in response to detecting the adverse event, removing an availability of the cyber asset at the network element; determining when the adverse event has ended; and, in response to determining that the adverse event has ended, restoring the availability of the cyber asset at the network element.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
Discussed herein are devices, systems, and methods for detecting anomalous or malicious processes based on in-vehicle network traffic data. A method includes receiving, at a monitor device, a controller access network (CAN) bus packet from an electronic control unit (ECU), implementing an ensemble hierarchical agglomerative clustering (E-HAC) algorithm to identify respective clusters to which the CAN bus data maps, and determining, based on the identified respective clusters, whether the CAN bus packet is associated with in-vehicle network intrusion.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 18/231 - Hierarchical techniques, i.e. dividing or merging pattern sets so as to obtain a dendrogram
A process detects anomalies on a controller area network (CAN) bus. An arbitration field in a message on the CAN bus is analyzed, and a data field in the message on the CAN bus is inspected. The process further monitors a frequency of message identifiers that are transmitted across the CAN bus, and determines that an overall bus load crosses a threshold. The process then transmits an alert when the analyzing the arbitration field, the inspecting the data field, the monitoring the frequency, and the determining the overall bus load indicate that an anomaly has occurred on the CAN bus.
A method for use in a computing device, the method comprising: transmitting, to a context manager, a context request associated with a process that is executed in a virtual machine; receiving, from the context manager, a context identifier in response to the context request; transmitting, to an introspection Application Programming Interface (API), a memory access request that is based, at least in part, on the context identifier.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/46 - Multiprogramming arrangements
A method for use in a computing device having a processor, the method comprising: executing a computer program on the processor; while the computer program is running, detecting whether any of a plurality of transition instructions of the computer program is executed, the detecting being performed by using resources that are external to the computer program; in response to detecting that a given one of the transition instructions is executed, detecting whether a current execution flow of the computer program matches a control flow graph for the computer program; and performing a countermeasure action based on one of a mismatch of the current execution flow of the computer program and the control flow graph or a current value of a memory location associated with the computer program; wherein the control flow graph for the computer program is generated by simulating an execution of the computer program.
An aspect includes monitoring storage of a computer system. Upon detecting an unauthorized modification to an original storage component in response to the monitoring, an aspect includes retrieving a backup component corresponding to the original storage component and repairing the original storage component using the backup component. In embodiments, the repair occurs in real-time without interruption to computer operation.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
A system detects deviation from a computer operating system boot and operating system load. The system identifies approved operating system boot modules, approved operating system load modules, essential operating system boot components, and essential operating system configuration information, which are then hashed to create an operating system boot profile. The operating system boot modules and the operating system load modules are then executed to start the operating system. The operating system boot profile is used to verify that there has not been any deviation from the start of the operating system.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
A method is provided comprising: monitoring, by a symbol context manager, context switch events that are generated in a virtual machine, and updating a symbol space map based on the context switch events; receiving, by the symbol context manager, a request to provide a symbol space of the virtual machine, the request being generated by a symbol database interface in response to a symbol query that is received at the symbol database interface from a debugger that is debugging the virtual machine, the symbol query being associated with a symbol that is part of the symbol space; and providing, by the symbol context manager, an indication of the symbol space of the virtual machine, the indication of the symbol space being provided based on the symbol space map.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/46 - Multiprogramming arrangements
A method is provided comprising: retrieving a message that is designated for transmission via a first one of a plurality of communications hardware devices, the message being retrieved from a virtual device queue that is associated with the first communications hardware device, the message being generated by a first virtual machine, and the message being designated for transmission to a second virtual machine; selecting a second one of the plurality of communications hardware devices based on a characteristic of the message; and storing the message in a socket queue that is associated with the second communications hardware device, wherein storing the message in the socket queue that is associated with the second communications hardware device causes the message to be transmitted to the second virtual machine via the second communications hardware device rather than the first communications hardware device.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
A method that includes operating a bus monitoring system having at least one interface configured to be coupled to at least one communication bus and receive bus traffic transmitted over the communication bus(es). The method also includes, using a device authentication system of the bus monitoring system, analyzing the bus traffic received via the at least one interface. Analyzing the bus traffic includes obtaining a message in the bus traffic (where the message identifies a source), identifying a support vector machine that corresponds to the source of the message, applying a wave transform to a waveform of the received message in order to generate a transformed waveform, inputting the transformed waveform to the identified support vector machine, and taking action in response to the identified support vector machine determining that the transformed waveform or the associated information does not correspond to the source.
A method for use in a computing system, comprising: storing, in a random-access memory, a working copy of a data item, the working copy of the data item being stored in the random-access memory by a first processor; registering, with a second processor, a respective address in the random-access memory where the working copy of the data item is stored; and correcting, by the second processor, any modifications to the working copy of the data item that are made after the working copy of the data item is stored in the random-access memory, the modifications being corrected in parallel with the first processor executing software based on the working copy of the data item.
A system and method for function summarization. In some embodiments, the method includes: identifying a basic function called by a first function, the first function having a signature; determining a first type, the first type being a type of an argument of the basic function or a type of a return value of the basic function; and propagating the first type, to determine a first portion of the signature of the first function.
A method includes obtaining at least one program slice embedding vector and at least one register vector that are generated based on results from a static analysis tool, the at least one register vector corresponding to the at least one program slice embedding vector. The method also includes using a machine learning model to generate, from the at least one program slice embedding vector and the at least one register vector, at least one probability rating associated with a vulnerability. The method also includes reporting the at least one probability rating for use by the static analysis tool.
A method includes selecting a fuzzer for execution by each of multiple fuzzing clients during a first time interval of a fuzzing test of computer software code. The method also includes selecting a feedback type for statistics to be reported by the fuzzing clients at an end of the first time interval of the fuzzing test. The method also includes providing an identification of the fuzzer and the feedback type to each of the fuzzing clients. The method also includes obtaining the statistics at the end of the first time interval of the fuzzing test. The method also includes determining one or more rewards based on the statistics. The method also includes adjusting multiple weights in multiple stochastic policies based on the one or more rewards, wherein the weights are used to determine the fuzzer and the feedback type in a subsequent interval of the fuzzing test.
According to aspects of the disclosure a method is provided, comprising: generating a live execution trace log corresponding to a live execution of a computer program, the live execution being performed by using both hardware emulation and hardware acceleration; generating a first trace entry corresponding to a replay execution of the computer program, the replay execution being performed by using hardware emulation without hardware acceleration, the replay execution being performed based on a set of events that are recorded during the live execution of the computer program; detecting whether the first trace entry is valid based on the live execution trace log; and in response to detecting that the first trace entry is not valid, transitioning into a safe state.
Techniques are disclosed for assessment and verification of processor configuration and settings using System Management Mode (SMM) in conjunction with a hardware root of trust (HRoT). A method may include receiving custom boot codes from a security device, the custom boot codes configured to install a security module to process a periodic System Management Interrupt (SMI), configure the periodic SMI for initiation, and configure at least one configuration register for validation in response to execution of the security module. The method may also include responsive to initiation of the configured periodic SMI, validating, using the security device, the at least one configuration register.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 9/44 - Arrangements for executing specific programs
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Techniques are disclosed for context-aware monitoring of the system memory to provide system integrity. An example methodology implementing the techniques includes determining a type of operating system (OS) that is loaded on system memory, examining contents of at least one system memory page, and assigning at least one tag to the at least one system memory page based on the determined type of OS and the examination of the contents of the at least one system memory page. The at least one tag indicates the characteristics of the contents of the at least one system memory page.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
An integrated circuit, comprising: a volatile memory module configured to store a cryptographic key; a capacitor array for providing power to the volatile memory module; and a power switching logic arranged to connect and disconnect the memory module from the capacitor array, the power switching logic being configured to operate in at least one of a first operating mode and a second operating mode, wherein, when the power switching logic operates in the first operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting a change of state of a break line, and, when the power switching logic operates in the second operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting that a voltage at a connection terminal of the integrated circuit exceeds a threshold.
G06F 12/14 - Protection against unauthorised use of memory
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/80 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
An apparatus includes multiple interfaces configured to be coupled to multiple communication buses, where the interfaces are configured to receive bus traffic transmitted over the communication buses. The apparatus also includes one or more processing devices configured to implement an intrusion detection system. The intrusion detection system is configured to analyze the bus traffic received via one or more of the interfaces to identify anomalous bus traffic. The one or more processing devices are configured to execute multiple processes to concurrently analyze the bus traffic, and the multiple processes are configured to perform different analyses of the bus traffic.
Generally discussed herein are systems, apparatuses, and methods for patching a binary file using a nested executable. In one or more embodiments, a system can include a memory including a nested binary file stored thereon, the nested binary file including a child executable and a parent executable, the child executable configured as a payload of the parent executable, the parent executable including instructions that, when executed by an intermediate device, cause the intermediate device to identify a value of a variable of the child executable, determine a memory location on the target device corresponding to the variable, write the value of the variable to the child executable, and throw the child executable to the target device after writing the value of the variable to the determined memory location, and communications circuitry configured to provide the nested binary file to the intermediate device.
Techniques are disclosed for interposing on nondeterministic events during multicore virtual machine (VM) execution to capture information that allows for deterministically recreating the nondeterministic events during execution replay of the VM. A method may include reading, by a virtual processor running within a multicore VM instance, an instruction to execute, and, responsive to a determination that the instruction is a nondeterministic instruction, interposing on the nondeterministic instruction execution so as to allow deterministic execution of the nondeterministic instruction during replay execution of the multicore VM instance. Interposing on the nondeterministic instruction execution may include recording a partial barrier event and/or a full barrier event. The nondeterministic instruction may be a read memory access instruction or a write memory access instruction.
G06F 9/38 - Concurrent instruction execution, e.g. pipeline or look ahead
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/52 - Program synchronisation; Mutual exclusion, e.g. by means of semaphores
A computer system includes an operating system, a memory coupled to the operating system, and a processor (e.g., an anti-debug processor) coupled to the operating system. The operating system receives, from a debug process, a request to create an essential debug object for attachment to a target process. The anti-debug processor scans a kernel memory of the operating system for the essential debug object and verifies a presence of the essential debug object in the kernel memory, and scans the kernel memory to identify a process that has stored in the kernel memory the essential debug object. The anti-debug processor then halts the debug process, without using an internal interface or function of the operating system, thereby preventing the debug process from attaching to the target process.
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
Techniques are disclosed for dynamic access and instrumentation of model specific registers (MSRs). A virtual machine monitor (VMM) can provide a kernel application program interface (API) that can be utilized to access and instrument an MSR. A method may include receiving, by the VMM, an MSR instrumentation command that identifies an MSR to instrument and causing instrumentation of the MSR identified in the MSR instrumentation command. Instrumentation of the identified MSR can be caused by configuring or manipulating a virtual machine control structure (VMCS) of a guest virtual machine (VM). The MSR instrumentation command may be an MSR instrumentation request command, an MSR remove request command, an MSR value set request command, or an MSR value fetch request command. In some cases, the VMM may be a Type-I hypervisor.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
44.
Estimation of guest clock value based on branch instruction count and average time between branch instructions for use in deterministic replay of execution
A method for deterministic clock replay can include in response to executing a guest clock access instruction, estimating, using a virtual processor of a guest virtual machine, a value of a guest clock of the guest virtual machine based on (a) a current branch counter value that indicates a number of branch instructions executed since a first time and (b) an average time between execution of branch instructions, comparing the estimated value to an actual guest clock value of a guest clock of the guest virtual machine, and in response to determining the estimated value is less than the actual guest clock value by a threshold value, recording the number of branch instructions, the first time, and the average time between execution of branch instructions in a memory.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
A method can include detection of policy anomalies in packets on a 1553B bus of an airborne system. A computer network defense (CND) capability message is decoded and indicates an interface to monitor. The interface is a 1553B bus of the airborne system. A CND command message, associated with the CND capability message, is decoded and includes a policy set. Packets are received from the 1553B bus. The 1553B packets are analyzed based on the policy set to determine anomalies. Non-anomalous 1553B packets are allowed to reach destinations of the non-anomalous 1553B packets. Anomalous 1553B packets are discarded such that the anomalous 1553B packets do not reach respective destinations of the anomalous 1553B packets.
A system for data protection includes a first computing device comprising a security module; and a storage device coupled to the first computing device via a network interface. The security module comprises at least one of Software Root of Trust (SRoT) and Hardware Root of Trust (HRoT). The security module is further configured to: establish a trust channel between the first computing device and the storage device or storage service; monitor the first computing device and the storage device; create and enforce multi-dimensional data access control by tightly binding data access and permissions to authorized computing devices, users, applications, system services, networks, locations, and access time windows; and take over control of the storage device or storage service in response to a security risk to the system.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
47.
Root of trust assisted access control of secure encrypted drives
A system for data protection includes a computing device comprising a processor, a Hardware Root of Trust (HRoT) module and a storage device. The HRoT device is configured to: validate integrity of the computing device; authenticate the computing device to communicate with the storage device; and take over control of storage device access and behaviour whenever suspicious or unauthorized data access from local or remote computing devices is detected. The HRoT device is further configured to, in response to detecting a security risk to at least one of the computing device and the storage device, block communication of the storage device.
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 21/44 - Program or device authentication
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable computer software for the development, testing, analyzing and debugging of computer programs and computer systems; downloadable computer software for emulating performance characteristics of computer software operating environments, computer systems and computer platforms; downloadable computer programs, namely, compiler programs, editor programs, debugger programs, and utility programs for creating other computer programs
49.
Parallel data flow analysis processing to stage automated vulnerability research
A method for data flow analysis, comprising: obtaining, by a processing circuitry, an execution trace of a software program; dividing, by the processing circuitry, the execution trace into a plurality of sections; generating a plurality of definition-and-usage chains, at least some of the definition-and-usage chains being generated by different processors, at least some of the definition-and-usage chains being generated based on different sections of the execution trace, at least two of the definition-and-usage chains being generated in parallel with one another; combining, by the processing circuitry, the plurality of definition-and-usage chains to produce a data flow graph, the definition-and-usage chains being combined based on information provided by at least one of the processors that are used to generate the definition-and-usage chains, the information indicating one or more unresolved memory locations that are accessed by respective operations corresponding to one or more incomplete usage nodes in the definition-and-usage chains.
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable and recorded computer software and firmware for the protection of third party computer systems to ensure secure launch and runtime integrity, for cybersecurity, for defending against cyber-attacks, for authenticating computers, for protecting confidentiality of data on computer systems, for preventing unauthorized access to computer systems, and for assessing the security and integrity of computer systems
A vehicle includes a data communication network, a serial data bus, and a plurality of electronic nodes in signal communication with the serial data bus. The vehicle further includes a node identification system configured to store several different diagnostic tests, along with expected operating data corresponding to a given diagnostic test. The node identification system sorts the plurality of nodes into individual node groups in response to performing one or more diagnostic tests among the different available diagnostic tests.
G06F 11/22 - Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
G06F 13/42 - Bus transfer protocol, e.g. handshake; Synchronisation
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time or of input/output operations
09 - Scientific and electric apparatus and instruments
Goods and services
Computer hardware and embedded computer software for cybersecurity, for defending against cyber-attacks, for authenticating computers, for protecting confidentiality of data on computer systems, for preventing unauthorized access to computer systems, and for assessing the security and integrity of computer systems
09 - Scientific and electric apparatus and instruments
Goods and services
Computer hardware and embedded computer software for cybersecurity, for defending against cyber-attacks, for authenticating computers, for protecting confidentiality of data on computer systems, for preventing unauthorized access to computer systems, and for assessing the security and integrity of computer systems
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable and recorded computer software for cybersecurity, for defending against cyber-attacks, for authenticating computers, for protecting data on computer systems, for preventing unauthorized modifications to computer systems, and for assessing the security and integrity of computer systems
09 - Scientific and electric apparatus and instruments
Goods and services
Downloadable and recorded computer software for cybersecurity, for defending against cyber-attacks, for authenticating computers, for protecting data on computer systems, for preventing unauthorized modifications to computer systems, and for assessing the security and integrity of computer systems
09 - Scientific and electric apparatus and instruments
Goods and services
downloadable and recorded computer software for monitoring computer systems for cybersecurity purposes, specifically for monitoring communication bus traffic and other bus architecture in computer systems
57.
System and method for booting processors with encrypted boot image
The concepts, systems and methods described herein are directed towards a method for secure booting. The method is provided to include: loading and executing a firmware in a Management Engine (ME) of a system; establishing, by the ME, a communication channel to a security device; receiving, by the ME, an encrypted boot image from the security device; decrypting, by the ME, the encrypted boot image; storing, by the ME, the decrypted boot image in a secured storage medium; and resetting the system using the decrypted boot image in the secured storage medium.
G06F 9/00 - Arrangements for program control, e.g. control units
G06F 15/177 - Initialisation or configuration control
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 1/24 - Resetting means
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
58.
Cross-domain solution using network-connected hardware root-of-trust device
The concepts, systems and methods described herein are directed towards a security system. The system is provided to include a Hardware Root of Trust (HRoT) device comprising a processor and memory that is configured for connection and authentication to first and second host devices which are configured to communicate via a first communication channel having a first security level and a second communication channel having a second security level which is more secure than the first security level. The HRoT device is configured to: connect the first and second host devices via the second communication channel; and monitor the security of the first and second host devices over the second communication channel.
An industrial control system (ICS) communicates via ICS protocols. A model is deployed in an information technology (IT) and operation technology (OT) network. Security policies are dynamically updated as the particular IT and OT network are used, patched, and modified. A deep packet inspection is used to enforce ICS constraints and ICS behaviors defined by the initial model. A state of the deep packet inspection is reported for situational awareness and debugging purposes. An alert is transmitted when anomalies are detected when ICS protocol traffic traverses ICS firewall network paths that execute ICS policies.
A method for vulnerability analysis based on input or output points inferred from execution traces can include monitoring application access operations to a memory, monitoring responses from the memory to the access operations, generating execution traces based on the monitored access operations and responses, the execution traces including data identifying an instruction to be performed and a corresponding memory location to access in performing the operation, identifying and recording whether the instruction corresponds to an input or an output to the system based on the generated execution traces, and determining vulnerabilities of the application based on the generated execution traces and identification of the instruction corresponding to the input or output.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 12/14 - Protection against unauthorised use of memory
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
61.
Controlling security state of commercial off the shelf (COTS) system
The concepts, systems and methods described herein are directed towards a method for secure booting running on a security device. The method is provided to include: receiving a public key from a security device; validating the security device by comparing the received public key with a hash code; in response that the security device is validated, receiving custom codes from the security device and storing the custom codes in a microprocessor, wherein the microprocessor is located in a programmable memory of a primary processor; programming the programmable memory by executing the custom codes; and executing a boot sequence of the primary processor by the programmable memory.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/44 - Program or device authentication
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols, including means for verifying the identity or authority of a user of the system
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for blockwise coding, e.g. DES systems
A multimode tracking device includes a line of sight (LOS) antenna; an LOS modem for communicating with other multimode tracking devices and for measuring power of a received signal; a satellite antenna; a satellite modem for communicating with a satellite for receiving and sending text messages, data and commands to and from external devices including a tracking and locating system; a Bluetooth or WiFi Direct interface for communicating with external mobile devices; an inertia measurement unit for providing motion tracking information; a user interface for interfacing with a user; and a processor for generating and displaying a line of bearing to the target on the display, based on the measured power and the motion tracking information. The multimode tracking device tracks assets and personnel and sends/receives text messages, data and commands to/from external devices both over the horizon via the satellite and locally via the LOS modem.
G01S 19/26 - Acquisition or tracking of signals transmitted by the system, involving a sensor measurement for aiding acquisition or tracking
G01S 3/20 - Systems for determining direction or deviation from a predetermined direction using amplitude comparison of signals derived sequentially from receiving antennas or antenna systems having differently oriented directivity characteristics, or from an antenna system having periodically varied orientation of directivity characteristic, derived by sampling a signal received by an antenna system having periodically varied orientation of directivity characteristic
G01S 3/14 - Systems for determining direction or deviation from a predetermined direction
H01Q 1/24 - Supports; Mounting means by structural association with other equipment or articles, with receiving set
G01S 5/00 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations
G01S 3/04 - Direction-finders for determining the direction from which infrasonic, sonic, ultrasonic or electromagnetic waves, or particle emission, not having a directional significance, are being received, using radio waves; Details
Embodiments of a central emulator, distributed emulator and method for emulation of a system are generally described herein. The central emulator may receive state variables from distributed emulators at various emulation times. As an example, such an emulation time may be related to an emulation event at one of the distributed emulators. The central emulator may determine global snapshots of the system emulation for the emulation times based on the state variables. The global snapshots may be used to control a timing of the system emulation for operations such as rewinding, pausing, forwarding and/or setting to a target time.
A method includes detecting a triggering event at a hypervisor, where the hypervisor is executed by a computing node. The method also includes capturing, from a memory device of the computing node using the hypervisor, one or more images of a basic input/output system (BIOS) of the computing node and/or a firmware of the computing node. The method further includes analyzing the one or more images to detect a problem with the computing node and taking at least one action in response to detecting the problem with the computing node. The one or more images are obtained by the hypervisor directly from the memory device.
G06F 11/00 - Error detection; Error correction; Monitoring
G06F 11/07 - Responding to the occurrence of a fault, e.g. fault tolerance
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
65.
Hypervisor-based binding of data to cloud environment for improved security
A method includes receiving a request at a first hypervisor from an application within a virtual machine. The virtual machine is executed within a virtualization layer supported by a second hypervisor, and the virtual machine and the hypervisors are executed by a computing node. The method also includes interrupting execution of the application and determining an authorization key using hashing operations performed by the first hypervisor based on measurements associated with the computing node and data associated with the first hypervisor. The method further includes storing the authorization key and resuming execution of the application. In addition, the method could include performing the receiving, interrupting, determining, storing, and resuming steps at each of multiple computing nodes in a computing cloud, where each computing node executes first and second hypervisors. The first hypervisors in the computing nodes can bind the virtual machine to the computing cloud.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
66.
Technique for verifying virtual machine integrity using hypervisor-based memory snapshots
A method includes receiving a request at a hypervisor from an application, where the application and the hypervisor are executed by a computing node. The request identifies a memory location in a memory device of the computing node, and the memory location is associated with a virtual machine executed by the computing node. The method also includes obtaining a snapshot of contents of the memory location in the memory device, where the snapshot is obtained by the hypervisor directly from the memory device. The method further includes providing the snapshot to the application. The application could form part of a second virtual machine that is executed by the computing node.
Methods and systems allow the use of hypervisors to use software breakpoints in the same manner as hardware breakpoints. A program to be tested is executed by a hypervisor running a virtual machine. A memory page containing the location of a breakpoint is copied to a temporary memory page. Then a new page is written containing breakpoint instructions at specified memory locations. The new page is tagged as execute only, so the program to be tested is unaware of any changes to the program. If the program attempts to read from the changed memory page, it will read from the temporary memory page instead. Such a method can be used to search websites for malware in relative safety because of the inability of the malware to write to memory locations that are located on a page that is execute only.
G06F 9/44 - Arrangements for executing specific programs
G06F 11/00 - Error detection; Error correction; Monitoring
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 12/14 - Protection against unauthorised use of memory
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
69.
Automatic algorithm discovery using reverse dataflow analysis
A system and method for finding vulnerabilities and tracing an end result associated with a vulnerability to its origins in user data. A user data source containing an ordered sequence of user data items may be a data file. In one embodiment the method for identifying, in the user data source, the origins of the end result, includes associating with each user data item a location identifier identifying the location of the user data item in the sequence of user data items, executing instructions with a virtual machine, and associating with each result the location identifier of the data item when one argument is a user data item and a tag when more than one argument is a user data item. This process may be continued until the end result is obtained. Subsequently, the method may include stepping through instructions with the virtual machine in reverse order, to trace the origins of the end result to each of the user data items contributing to the result.
G06F 11/00 - Error detection; Error correction; Monitoring
G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
70.
Internet security cyber threat reporting system and method
A risk assessment and managed security system for network users provides security services for dealing with formidable cyber threats, malware creations and phishing techniques. Automated solutions in combination with human-driven solutions establish an always-alert positioning for incident anticipation, mitigation, discovery and response. Assessments of threats are made and reported to a client system being monitored. The system provides an ability to receive in different file formats, and/or export from leading IT asset products asset lists for client enterprise computer systems and infrastructure, so that assets are linked to the client computer systems that are described in an incident that is being reported to the client.
A risk assessment and managed security system for network users provides security services for dealing with formidable cyber threats, malware creations and phishing techniques. Automated solutions in combination with human-driven solutions establish an always-alert positioning for incident anticipation, mitigation, discovery and response. A proactive, intelligence-driven and customized approach is taken to protect network users. Assessments of threats are made before and after a breach. Cyber threats are identified in advance of a resulting network problem, and automated analysis locates the threats and stops them from having an adverse effect. Humans can focus on the high-level view, instead of looking at every single potential problem area. Troubling patterns may be reviewed within the network environment to identify issues. Cyber analysis is conducted to provide a baseline over time via statistically proven, predictive models that anticipate vulnerabilities brought on by social-media usage, Web surfing and other behaviors that invite risk.
This disclosure addresses systems and methods for the protection of hardware and software in a computing environment. A hypervisor-monitor may be nested between the hardware of a host system and a hypervisor that is capable of supporting one or more guest virtual machines. The hypervisor-monitor may intercept exceptions generated by one or more processors in the host system and inspect software instructions for the hypervisor and the guests. Inspection may include performing a hash of the software instructions and a comparison of the hash with authorized software modules or a set of known malware. In this manner the hypervisor-monitor may prevent the execution of malware by the hypervisor or the guests or provide a record of when code of an unknown origin was executed.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by executing in a restricted environment, e.g. sandbox or secure virtual machine
73.
Methods and apparatuses for monitoring activities of virtual machines
Embodiments of a method and apparatus for monitoring activity on a virtual machine are generally described herein. The activity may be monitored by a first hypervisor and the virtual machine may be controlled by a second hypervisor. In some embodiments, the method includes setting a breakpoint in a kernel function of the virtual machine. The method may further include generating a page fault, responsive to the virtual machine halting execution at the breakpoint, to cause the second hypervisor to page in contents of a memory location accessed by the kernel function. The method may further include inspecting the contents of the memory location to detect activity in the virtual machine.
G06F 11/36 - Prevention of errors by analysis, debugging or testing of software
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
An asset tracking unit, system, and method may include at least one transceiver having communicative connections with at least one SATCOM network and at least one GPS network via at least one antenna, wherein tracking information for at least one asset associated with the at least one transceiver is received from the GPS network and is communicated to the SATCOM network, a first link that provides a multi-code one of the communicative connections between the at least one transceiver and the at least one SATCOM network, and a second link that provides a multi-channel one of the communicative connections between the at least one transceiver and the at least one GPS network. The unit, system and method may additionally include at least one remote operations center remote from an asset to be tracked, wherein the asset to be tracked is geographically associated with the central processing unit.
An apparatus includes a set of network communication modules, a communication control module and an input actuator. Each network communication module from the set of network communication modules is configured to send signals to and receive signals from a remote device via a distinct communication mode from a set of communication modes. The communication control module is configured to periodically send a set of second status signals intended to be sent to the remote device via each communication mode from the set of communication modes when the communication control module is in an emergency operating mode and the communication mode is available. The communication control module is configured to switch from the default operating mode to the emergency operating mode in response to receiving an input signal indicating that the input actuator has been actuated.
H04M 11/04 - Telephonic communication systems specially adapted for combination with other electrical systems, with alarm systems, e.g. fire, police or burglar alarm systems
77.
Mobile unit and system having integrated mapping, communications and tracking
A handheld device and system, in which such device and system include at least one mapping module, at least one tracking module interoperative with the at least one mapping module, at least one communications module interoperative with each of the at least one tracking module and the at least one mapping module, and at least two antennae communicatively connected via the at least one communications module to at least one central processing unit. At least one of the at least two antennae is suitable for communications using at least two distinct communication modes.
A handheld device and system, in which such device and system include at least one mapping module, at least one tracking module interoperative with said at least one mapping module, at least one communications module interoperative with each of said at least one tracking module and said at least one mapping module, at least two antennae communicatively connected via said at least one communications module to at least one central processing unit, wherein at least one of said at least two antenna is suitable for communications using at least two distinct communication modes.
An asset tracking unit, system, and method. The asset tracking unit, system, and method may include at least one transceiver having communicative connections with at least one SATCOM network and at least one GPS network via at least one antenna, wherein tracking information for at least one asset associated with the at least one transceiver is received from the GPS network and is communicated to the SATCOM network, a first link that provides a multi-code one of the communicative connections between the at least one transceiver and the at least one SATCOM network, and a second link that provides a multi-channel one of the communicative connections between the at least one transceiver and the at least one GPS network. The unit, system and method may additionally include at least one remote operations center remote from an asset to be tracked, wherein the asset to be tracked is geographically associated with the central processing unit.
An asset tracking unit, system, and method. The asset tracking unit, system, and method may include at least one transceiver having communicative connections with at least one SATCOM network and at least one GPS network via at least one antenna, wherein tracking information for at least one asset associated with the at least one transceiver is received from the GPS network and is communicated to the SATCOM network, a first link that provides a multi-code one of the communicative connections between the at least one transceiver and the at least one SATCOM network, and a second link that provides a multi-channel one of the communicative connections between the at least one transceiver and the at least one GPS network. The unit, system and method may additionally include at least one remote operations center remote from an asset to be tracked, wherein the asset to be tracked is geographically associated with the central processing unit.
A system for search and rescue includes a rescue beacon including a radiation source to emit radiation, at least a portion of which includes ultraviolet c-band radiation, and an ultraviolet c-band detector to detect the ultraviolet c-band radiation to enable locating of the rescue beacon.
A breaching apparatus includes an impactor element and a self-contained energy source. The self-contained energy source enables the impactor element to impact a first surface of a structure. The impactor element is configured to transmit a localized shock wave through the structure upon impact. The self-contained energy source is capable of accelerating the impactor element to a velocity sufficient to induce spalling at a second surface of the structure. Multiple breaching apparatuses can be supported by a frame to facilitate simultaneous or successive breaching of the structure. The breaching apparatus can be used in a method to breach a concrete structure.
B25D 9/00 - Portable percussive tools with fluid-pressure drive, e.g. having several percussive tool bits operated simultaneously
40 - Treatment of materials; recycling, air and water treatment
42 - Scientific, technological and industrial services, research and design
Goods and services
Providing services in the field of administration and support of existing and prospective customer contracts, namely, consulting on, tracking and implementing business process re-engineering; Business consultation regarding contract initiation and start-up processes, namely, assistance in the management of business activities in the area of contract transition and management thereof with public and Government sector entities; Business development services, namely, providing start-up support for businesses of others; Services in the form of consulting on, tracking and implementing workforce transition, namely, personnel recruitment and placement; Business consultation regarding third party certified processes for business operations and maintenance; Consulting on, tracking and implementing business risk management; Consulting on, tracking and implementing business task order management; Services in the form of consulting on, tracking and implementing financial performance and contract execution metrics, namely, providing statistical information for business or commercial purposes; Re-badging of incumbent employees for the businesses of others, namely, printing employee identification cards; Development and maintenance of computer software for the businesses of others
37 - Construction services; mining; installation and repair
41 - Education, entertainment, sporting and cultural activities
42 - Scientific, technological and industrial services, research and design
45 - Legal services; security services; personal services for individuals
Goods and services
[ Installation and maintenance of computer and communications network hardware used in the wireless telecommunications field ]; [ Language translation and interpretation services; ] security training services in the field of government and homeland security information; security training others in the locating, mapping, navigating and monitoring the position or status of persons or goods for security and investigatory purposes; Custom development of computer software and hardware for others; research and development for others in the fields of software, hardware, operating systems, and wireless communications used in locating, mapping, navigating and monitoring the position or status of persons or goods; installation, maintenance, and support services for computer software and communications network software used in the wireless telecommunications field; Communications services, namely, developing, implementing, integrating and monitoring secure communication networks for others, namely, design and development of security systems and contingency planning for information systems, developing and implementing customized plans for improving security and preventing criminal activity for businesses and governmental agencies, integration of computer communication systems and networks, computer monitoring tracking hardware performance and processes which sends out historical reports and alerts; Consulting services in the field of computer security; Consultation in the field of secure computer networking, information assurance and identity and access management, namely, consulting in the field of secure computer network integration; [ Consulting services in the field of national security; Consultation in the field of secure information assurance and identity and access management, namely, on-line monitoring to prevent illegal file sharing and providing electronic reports regarding attempts at illegal file sharing in connection therewith on networks worldwide ]
09 - Scientific and electric apparatus and instruments
Goods and services
Computer software for communication and visualization functions between mobile communications devices for use in surveillance, military and government operations; computer software for locating, mapping, navigating, and monitoring the position and status of persons or goods for use in surveillance, military and government operations; [ personal digital assistants, namely, PDAs for use in surveillance, military and government operations; ] mobile communication devices and cellular communication devices, namely, communication transmitters for use in surveillance, military and government operations; [ radio frequency identification (RFID) tags and readers; ] devices for mapping, navigating, and monitoring the position and status of persons or goods, namely, automated self contained electronic surveillance devices that can be deployed to support government operations in remote locations, and sensors for use in military, law enforcement, civil, scientific and industrial applications; portable electronic surveillance tags and tagging equipment incorporating global positioning system transmitters and receiver
A breaching apparatus includes an impactor element and a self-contained energy source. The self-contained energy source enables the impactor element to impact a first surface of a structure. The impactor element is configured to transmit a localized shock wave through the structure upon impact. The self-contained energy source is capable of accelerating the impactor element to a velocity sufficient to induce spalling at a second surface of the structure. Multiple breaching apparatuses can be supported by a frame to facilitate simultaneous or successive breaching of the structure. The breaching apparatus can be used in a method to breach a concrete structure.
B25D 9/00 - Portable percussive tools with fluid-pressure drive, e.g. having several percussive tool bits operated simultaneously
An asset tracking unit, system, and method. The asset tracking unit, system, and method may include at least one transceiver having communicative connections with at least one SATCOM network and at least one GPS network via at least one antenna, wherein tracking information for at least one asset associated with the at least one transceiver is received from the GPS network and is communicated to the SATCOM network, a first link that provides a multi-code one of the communicative connections between the at least one transceiver and the at least one SATCOM network, and a second link that provides a multi-channel one of the communicative connections between the at least one transceiver and the at least one GPS network. The unit, system, and method may additionally include at least one remote operations center remote from an asset to be tracked, wherein the asset to be tracked is geographically associated with the central processing unit.
A handheld device and system includes a mapping module, a tracking module interoperative with the mapping module, and a communications module interoperative with the tracking module and the mapping module. At least two antennae are communicatively connected, via the communications module, to at least one central processing unit. At least one of said at least two antennae is suitable for communicating using at least two distinct communication modes.
09 - Scientific and electric apparatus and instruments
Goods and services
computer software for the protection of third party software to prevent against reverse engineering and tampering of said software in the field of software security
09 - Scientific and electric apparatus and instruments
Goods and services
computer software for the protection of third party software to prevent against reverse engineering and tampering of said software in the field of software security
A method of supporting a substrate includes inserting a rock bolt into a hole and using the rock bolt to form a groove in a wall of the hole when the rock bolt is inserted therein. The rock bolt is caused to interact with the groove in such a way that the rock bolt is secured in the hole at least in part by the interaction.
A Centralizer based Survey and Navigation (CSN) device designed to provide borehole or passageway position information. The CSN device can include one or more displacement sensors, centralizers, an odometry sensor, a borehole initialization system, and navigation algorithm implementing processor(s). Also, methods of using the CSN device for in-hole survey and navigation.
42 - Scientific, technological and industrial services, research and design
Goods and services
Security Consultation services, namely, physical, infrastructure, building and personal security; computer security consultation services, namely, consulting in the field of computer and network protection against hacking